http://securitywireweekly.blogs.techtarget.com A SearchSecurity.com podcast Fri, 05 Sep 2008 14:34:15 +0000 http://backend.userland.com/rss092 en A recently discovered flaw in the Debian version of Linux meant that any OpenSSL keys generated during the past 20 months could be guessed in a matter of hours. But does the vulnerability suggest broader security issues for Linux? Michael Cobb explores the origin of the flaw and what it ... http://securitywireweekly.blogs.techtarget.com/2008/09/05/debian-a-niche-os-with-a-not-so-niche-security-flaw/ In this episode of the Nameless Security Podcast, Dennis Fisher sits down with Paul Roberts, a security analyst with The 451 Group, and Ryan Naraine, a blogger and evangelist with Kaspersky Labs, to talk about the launch of Google’s Chrome browser, the rash of browser-based exploits, the changing threat model ... http://securitywireweekly.blogs.techtarget.com/2008/09/04/naraine-roberts-on-google-chrome-browser-based-exploits-and-malware/ Security researcher Gadi Evron is revitalizing the Botnets mailing list to get researchers to share more raw data with the security community. Evron says information sharing is the key to reducing cybercrime. http://securitywireweekly.blogs.techtarget.com/2008/09/03/sww-researcher-pushes-data-sharing/ In this Security Newsmakers Podcast, SearchSecurity.com's Neil Roiter asks Scott Weiss, vice president and general manager of Cisco’s Security Technology Group and former IronPort CEO, about the state of the self-defending network in 2008 and the impact of the acquisition over the past 18 months. http://securitywireweekly.blogs.techtarget.com/2008/09/02/self-defending-networks-in-2008/ In this episode of the Nameless Security Podcast, Rich Mogull, the founder of Securosis and a former Gartner analyst, discusses the benefits and limitations of DLP products and how life as a disaster medic prepared him for work as a security analyst. http://securitywireweekly.blogs.techtarget.com/2008/08/28/rich-mogull-on-dlp-and-homeownership/ Bob Russo, general manager of the PCI Security Standards Council explains the changes ahead in version 1.2 of PCI DSS. The use of WEP is being eliminated and antivirus software is required for all operating systems, Russo said. http://securitywireweekly.blogs.techtarget.com/2008/08/27/sww-pci-rules-halt-wep-push-8021x/ Security organizations often struggle to compensate for unknowing employees who fall victim to social engineering attacks. It's the unenviable job of information security to prevent that from happening. In this tip, Markus Jakobsson details the ills of social data mining and how technology can help thwart attacks that seek to ... http://securitywireweekly.blogs.techtarget.com/2008/08/22/countermeasures-against-targeted-attacks-in-the-enterprise/ Alex Sotirov created quite a stir at Black Hat earlier this month with the paper he and Mark Dowd presented on Vista memory protection attacks. In this episode, he talks about the effect of those attacks, the changing nature of vulnerability research and what lies ahead for application security. http://securitywireweekly.blogs.techtarget.com/2008/08/22/alex-sotirov-on-vista-memory-attacks/ Raffael Marty, author of Applied Security Visualization, talks about how security visualization techniques can help improve security decisions. Marty is chief security strategist at log analysis vendor Splunk. http://securitywireweekly.blogs.techtarget.com/2008/08/20/sww-security-visualization/ ModSecurity, the popular open source Web application firewall is getting a new tool that observes and analyzes application traffic and helps establish accepted behavior. In this special edition of Security Wire Weekly, Ivan Ristic, recognized for his work in building the ModSecurity, discusses his new ModProfiler and the challenges of ... http://securitywireweekly.blogs.techtarget.com/2008/08/18/sww-open-source-web-application-firewall/